Prices From the Future Fool the Oracle, Ostium Drained of $24 Million in Five Minutes

marsbitPublished on 2026-07-17Last updated on 2026-07-17

Abstract

Ostium, a perpetual trading platform, suffered a security incident on July 15, resulting in significant losses from its public liquidity vault. Initial analyses from Blockaid, Cyvers, and PeckShield estimate losses of up to $24 million. The exploit occurred over a five-minute window. According to security firms, the core issue was not a missing signature, but a data integrity failure: a registered price oracle (PriceUpKeep) submitted authorized price reports with manipulated future timestamps, creating false trading profits. The protocol’s verification process confirmed the signatures as authorized but did not enforce price sanity checks or timestamp boundaries, allowing the manipulated data to be accepted for settlement. This caused the liquidity vault to pay out on these fraudulent profits. Ostium’s co-founder confirmed the team paused trading within an hour and is collaborating with law enforcement and security experts. The extracted funds were reportedly swapped for ETH, with a portion moved to Tornado Cash. The incident highlights risks in DeFi oracle designs where cryptographic signature verification is insufficient without additional safeguards for data validity, timestamp freshness, and price reasonableness. Ostium's response and planned fixes—including stricter timestamp validation, independent price checks, and circuit breakers—will be critical to preventing similar exploits.

Author: CryptoSlate

Compiled by: Deep Tide TechFlow

Deep Tide Insights: This is not missing signatures, but rather authorized signers submitting price data "from the future." When verification passes but the data itself is toxic, where is the DeFi protocol's moat? Ostium has yet to publish final loss accounting and a post-mortem report, leaving huge questions about signer privilege abuse.

On-chain perpetual trading platform Ostium reported that a five-minute security incident caused losses to its public liquidity vaults. Security firms estimate the size of the exploit at up to $24 million.

Co-founder Kaledora Kiernan-Linn confirmed the issue occurred between 14:18 and 14:23 UTC on July 15, affecting the public Ostium Liquidity Provider (OLP) vaults. She stated the team identified the problem within minutes and coordinated a trading halt within an hour. The statement did not provide an exact total loss, root cause, or final post-mortem report.

Security firms say the heart of the issue is *authorized* data, not missing signatures. Blockaid and Cyvers reported that a registered PriceUpKeep forwarder submitted authorized oracle reports with future dates, creating phantom trading profits.

SlowMist said authorized signers provided manipulated data with valid signatures, used for repeated profitable trades. These descriptions remain third-party findings, pending confirmation in Ostium's post-mortem.

Cryptographic attestation can confirm a report was signed by a permitted key. But price reasonableness, timestamp freshness, and settlement security require separate controls.

The OstiumVerifier code linked from Ostium's security documentation recovers the ECDSA signer and checks if the signer is authorized, but this verification function does not enforce price reasonableness tests or timestamp boundaries.

The code does not appear to indicate which implementation version was active during the incident, or if separate contracts applied these checks. Any timestamp, replay, price deviation, or multi-source safeguards must have been run elsewhere in the execution path.

Even if the share price is static, tokenized stocks as collateral can fail

Ostium's protocol documentation states that OLP vaults hold trader collateral and pay winning trades instantly on-chain. If false profits were accepted for settlement, the vault's liquidity footed the bill for those payments.

Public estimates climbed as tracking continued. Blockaid placed the payout near $18 million, Cyvers estimated $23.7 million, and PeckShield later described around $24 million being drained.

SlowMist's lower figure of $11.86 million appears to track a single 11,862,444.782 USDC vault outflow visible in the transaction it cited.

SummerFi DeFi's new exploit shows AI automation now overrides smart contract risk

PeckShield said the withdrawn USDC was swapped for 12,080 ETH, with 10,540 ETH having entered Tornado Cash as of its update. Kiernan-Linn said Ostium is working with law enforcement, SEAL 911, and third-party security experts.

This mechanism distinguishes Ostium from a similar issue at Hedera lending protocol Bonzo Lend four days earlier. Bonzo's incident report stated its verifier accepted a proof without a valid signature. In Ostium's case, security firms claim the reports passed the authorized signer path: authentication succeeded, but the data was allegedly unsafe.

How a zero-signature oracle unlocked $9 million from Hedera DeFi lending protocol Bonzo Lend

Ostium still needs to confirm whether the signer key was compromised, an authorized operator acted maliciously, or another privileged path was abused.

Its fixes will be judged by whether signer isolation, strict timestamp boundaries, independent price checks, rate limiting, and circuit breakers can prevent one trusted path from turning a few minutes of bad data into yet another vault payout.

Related Questions

QWhat is the core security issue that led to the exploitation of the Ostium protocol, according to the article?

AThe core issue was not missing signatures, but the submission of authorized oracle reports containing 'future' price data by a registered PriceUpKeep forwarder. The verification process checked for authorized signers but failed to validate the reasonableness of the price data and timestamp freshness, allowing fraudulent profit claims to be settled.

QWhat was the estimated financial loss to Ostium's public liquidity vault during the five-minute incident?

ASecurity estimates varied, but the figure widely reported was approximately $24 million. Blockaid initially estimated close to $18 million, Cyvers estimated $23.7 million, and PeckShield later described about $24 million being drained.

QHow does the Ostium exploit differ from the recent security incident on Bonzo Lend, as mentioned in the article?

AThe Bonzo Lend incident involved its verifier accepting a proof without a valid signature. In contrast, the Ostium exploit involved oracle reports that *did* have valid signatures from an authorized signer, meaning the authentication succeeded, but the data within the report itself was manipulated and fraudulent.

QWhat are some of the proposed fixes or improvements mentioned to prevent similar incidents in the future?

AThe article suggests that Ostium's response will be judged on its implementation of measures like signer isolation, strict timestamp boundaries, independent price checks, rate limiting, and circuit breakers to prevent a trusted path from being abused to drain the vault.

QWhat happened to a significant portion of the stolen funds after the exploit?

AAccording to PeckShield, the extracted USDC was swapped for 12,080 ETH, and at the time of their update, 10,540 ETH of that had been sent to the privacy mixer Tornado Cash.

Related Reads

Who Is Shaping Ethereum's Future: The Takeover by Token-Holding Companies Could Be the Best Thing for ETH in Years

**Title: Who is Building Ethereum's Future? Corporate ETH Holders Take Over Funding, Possibly the Best Thing for ETH in Years.** **Summary:** The Ethereum Foundation is scaling back due to fiscal concerns, but publicly traded companies holding large amounts of ETH, like Bitmine and SharpLink, are stepping in to fund protocol development. These firms collectively hold nearly 5% of ETH's circulating supply and are using their staking yields to pay for R&D. Unlike MicroStrategy, which merely accumulates Bitcoin, these ETH treasury companies are reinvesting profits directly into the protocol's development—potentially allowing all ETH holders to benefit from this free "spillover." Key drivers for this shift include these companies' stalled business model. Their "flywheel" of issuing stock to buy more ETH broke as their stock prices fell below the net value of their crypto holdings (mNAV < 1). With their ETH holdings also deeply underwater, simply waiting for price appreciation failed. By funding Ethereum's roadmap—through new non-profits like ETH Labs and Ethereum Institutional—they aim to increase the utility and value of the underlying asset that dominates their balance sheets. This creates a new alignment of interests: these companies are highly incentivized to see Ethereum succeed and are less likely to sell en masse. However, risks remain. The exact funding amounts are undisclosed, and these treasury firms themselves are vulnerable if ETH prices fall further, which could halt their contributions. **Additional Context:** The article also contrasts Jito's new "token-centric" proposal (JIP-38), which credibly directs platform fees to token buybacks, with Venice's less concrete promises, highlighting the importance of where revenue legally lands and who controls the mechanisms. Other notable industry updates include the rise of TradFi perpetuals on Hyperliquid, new Bitcoin staking via Stacks, and various DeFi product launches.

marsbit12m ago

Who Is Shaping Ethereum's Future: The Takeover by Token-Holding Companies Could Be the Best Thing for ETH in Years

marsbit12m ago

Opening Claude's Brain Is Useless; The True Key to the AI Black Box Lies in Ontology Engineering

"Dissecting Claude's Brain Is Futile: The Real Key to the AI Black Box Lies in Ontology Engineering" This article critiques the limitations of Anthropic's "J-Space" research, which attempts to explain AI models by observing their internal neural activation patterns, akin to fMRI brain scans. While this "internalist" approach offers unprecedented visibility into model states, it fundamentally conflates observability with true explainability. The core issue is that understanding a model's output requires more than tracing neural activity; it necessitates examining the meaning of the information it processes—its relationship to the world, semantic norms, and human cognitive frameworks. The author proposes a paradigm shift: moving from a neuroscience-inspired focus on the model itself to an "information ontology" approach centered on the knowledge the model handles. Drawing from Kant's philosophical categories, the argument posits that true explainability lies in structuring and understanding information within a formal conceptual framework, not in peering into the "black box." The practical application of this theory is ontology engineering. Ontologies provide a structured, computable framework for knowledge, serving as a semantic anchor for model outputs. The article details a bidirectional synergy: Large Language Models (LLMs) can automate and scale ontology construction, while ontologies, in turn, enhance AI explainability. They act as a verification framework, allowing model reasoning to be traced back to defined concepts, properties, and relationships. This transforms explainability from the impossible task of making neural networks transparent into the achievable engineering goal of making their outputs and impacts understandable, traceable, and accountable. The future of AI explainability, therefore, lies not in explaining the model's internal mechanics but in explaining and governing the knowledge structures and real-world effects of its outputs.

marsbit21m ago

Opening Claude's Brain Is Useless; The True Key to the AI Black Box Lies in Ontology Engineering

marsbit21m ago

Trading

Spot
活动图片